1. Field of the Invention
The present invention relates to a system to protect data more particularly either destroying the device on which the data is stored or overwriting the data using the DOD 3 pass standard.
2. Description of Prior Art
Data breaches from lost or stolen media are one source of large-scale data compromises. The average cost of a data breach is $5.4 million for 2013. One exposed hard drive from a company could cost $3,500,000 per record. Yet there is no set procedure for protecting this data when a hard drive or similar storage device needs to be replaced or destroyed. 62 data breaches were reported in 2013 that involved over 55.2 million records.
One of the leading causes of large-scale data breaches is lost or stolen media. It is estimated that 800,000 plus portable media are lost or stolen each year which includes USB, hard drives, data tape and CD/DVDs. 69% of these contained sensitive or protected information.
Many organizations fail to identify and track the data bearing units and if they do, it is not done electronically and with oversight. These failures result in missing devices and data and therefore data comprises.
Small and large organizations have stopped using layers of security involving individuals from multiple areas that would require large scale manipulation to successfully get away with taking a unit that currently holds data.
The unit that currently holds data or at one time held data fails due to the design or from malfunctioning components or the unit needs replaced for other reasons. It creates a problem to the organization that has the unit to keep the data from breaches, which can damage their corporate brands, and exposing them to legal risk and financial loss.
Currently their process of detecting and processing the unit that holds data or at one time held data are not within compliance of many regulations. This includes not knowing the serial number of data bearing device before its failure, not tracking the device at all, removing the device and then laying it around unsecured, taking devices with data outside the secure area for processing, using just one technician to conduct a critical data center procedure, no training certification, no reconciliation method to search for discrepancies, and no means for management oversight. So these other methods are not a complete and comprehensive solution, and do not meet the ISO 27001 standards.
There is still room for improvement in the art.